The Elevator Explanation: SharePoint, OneDrive Data Security

As your organization commits more and more critical content to SharePoint--especially online--data security concerns increase.

Advertisement

As your organization commits more and more critical content to SharePoint--especially online--data security concerns increase.

Microsoft's SharePoint Team recently published a blog post touting OneDrive's and SharePoint's data security capabilities. "When you store your data in OneDrive for Business or SharePoint Online, it’s safeguarded with the strongest encryption and detection technologies available," states the post.

1. All content is encrypted, potentially with multiple keys, and distributed across the datacenter. Each file to be stored is broken into one or more chunks, depending its size. Then, each chunk is encrypted using its own unique key. Updates are handled similarly: the set of changes, or deltas, submitted by a user is broken into chunks, and each is encrypted with its own key.

2. All of these chunks—files, pieces of files, and update deltas—are stored as blobs in our blob store. They also are randomly distributed across multiple blob containers.

3. The set of encryption keys for these chunks of content is itself encrypted using an independently generated master key.

a. The encrypted keys are stored in the SharePoint Content Database.

b. The master key to decrypt the keys to the chunks is itself stored in a separate secure store called the Key Store.

4. The “map” used to re-assemble the file from its components is stored in the Content Database along with the encrypted keys but separate from the master key needed to decrypt them.

5. Each blob container has its own unique credentials per access type (read, write, enumerate, and delete). Each set of credentials is held in the secure Key Store and is regularly refreshed.